Software security in computing devices, especially mobile devices, today is becoming increasing important. Computing devices, especially mobile devices, have become increasingly open. For example, mobile devices now commonly allow for the installation of new applications to extend the functionality of the device. However, this openness brings security risks, such as the risk of malware, just has been seen in the world of personal computers.
To deal with these risks, most mobile device platforms have introduced various security architectures. Typically, in these security architectures, the mobile device platform is protected based on granting privileges to software, usually based on code signing. The access control decision to assign privileges to software processes is based either on code signing or on explicit user approval, or a combination thereof.
Unfortunately, the cost of obtaining signatures and meeting strict quality requirements deters many developers from participating and contributing to application development. If a certain piece of software does not come with an acceptable signature, the mobile device may give the user the option of deciding whether that software should be granted the requested privileges. Designing the user interaction for this step without hampering usability and security can be tedious. Furthermore, when users are simply prompted whether they want to grant certain privileges to some software, they often do not have enough information to understand the implications of this action.